If you’ve been following our recent CIO series on the Gemalto blog you may be wondering how the US fares when it comes to enterprise security. In comparison with the UK, France, Germany and the Nordics, the US establishes itself as a land of caution, influenced by the lessons learned from recent security breaches around the world (many of which were on home soil) reported by bloggers like Brian Krebs.

51% of US CIOs are responsible for managing IT security within their companies, in comparison to 70%, for example, in France. So what does this tell us about the USA’s attitude towards enterprise security? Put simply, in the US it doesn’t always take more than one opinion to deem something secure, but maybe it should. Internal auditing is still the most popular method of determining risk and just 11% of US employees are allowed to download and install new applications on their PCs (or Macs) without having to get approval first.

No train, no gain

It may be shocking to learn that just 10% of US employees are the administrators of their own PCs. Shocking, right? Well, what if I told you that a whopping 71% of US companies use internal training to ensure individual departments take responsibility for the security risks they introduce to the workplace. Compare this with the UK and just 58% of companies rely on training to validate the responsibility a department has for security. The simple truth is that just 11% of UK companies decide to introduce IT security following a crisis, many adopting proactive policies, while a staggering 42% of US companies claim that security measures are only taken reactively, often once they’ve already suffered a breach.

In the US, 41% of companies let their employees have control over the majority of data/information shared by executives, compared to just 19% in the Nordics, yet, both have similar levels of enterprise mandated mobile device policies (around 60%). So what does this tell us about trust? Two thirds of US companies concede that tablets are making their way into the corporate ecosystem, again similar to the Nordics and UK, but only 30% admit that there is some level of security risk attached.

Harder, Faster, Better, Stronger (authentication)

27% of US companies are already using two-factor authentication, however, a larger percentage (67%, the highest of all the countries surveyed) feel that the primary obstacle between wider adoption of secure authentication is cost. This may prove surprising, especially when you compare the USA’s (admittedly struggling) superpower economy with the fledgling economic influence of Norway, Sweden and the like, 32% of which believe they already have enough digital protection in place.

While it’s clear that US CIOs believe strong authentication and security measures are more important than user convenience at work (77% agree), when it comes to BYOD policies, the US, like the UK, is behind the pace when it comes to extra security for remote network access. In the Nordics, two thirds of CIOs have extra security measures in place for remote access, while in the US, it’s just over half.

The Americas are no different from other parts of the world - online banking is becoming second nature. The latest instalment of our world tour of ebanking security features cases…

From Twitter

Loading...

More from Twitter

Subscribe to updates

Select a category of interest:

Enter your email address:

Delivered by FeedBurner. Submitting this form will open a popup window to the FeedBurner website.

Latest comments

01/02/18 @ 15:02BnsHolding an ID card is going to become a necessity and so it should be. Biometric/fingerprints whatever can be done to make sure each is/shows easily the person with it is legally here. A passport is no longer sufficient, and as cases of document forgery show not having this is costing the country.. from bogus papers, false records etc. Now is the right time to set this up.. all residents should comply as surely refusal just raises doubt about them.

22/01/18 @ 11:01Paul McCherryDeployment Scalability and Visibility definitely need improving but Security must be the primary concern. Without confidence in the security of the devices, IOT installations will be sporadic at best. What simple solution is there for small to medium companies to keep an eye on their whole IOT infrastructure. ie smart lightbulbs, smart coffee machines, Ip based cctv cameras. smart Television and DVR, etc ? There seems to be a few appearing for large IOT installations but costs of IOT platforms put off many smaller companies and the latest Mirai Botnet attack came from unsecured IOT devices installed in smaller companies.